Bitcoin Forum

Other => Off-topic => Topic started by: libert19 on February 08, 2023, 03:31:21 AM



Title: If you use online password managers like Lastpass, export your vault
Post by: libert19 on February 08, 2023, 03:31:21 AM
...encrypt it and put it somewhere safe. Just so, if it goes offline your data remains safe.


Title: Re: If you use online password managers like Lastpass, export your vault
Post by: mk4 on February 08, 2023, 03:40:42 AM
Just to add more info: good alternatives to the likes of LastPass would be either Bitwarden or KeePass; with both being open-source and free.

https://bitwarden.com/
https://keepass.info/

Still, don't store your wallet's backups on such software unless you 100% know what you're doing; which like 95% of people don't.


Title: Re: If you use online password managers like Lastpass, export your vault
Post by: tranthidung on February 08, 2023, 06:26:44 AM
Quote
Just to add more info: good alternatives to the likes of LastPass would be either Bitwarden or KeePass; with both being open-source and free.

https://bitwarden.com/
https://keepass.info/
There is KeePassDroid for Android devices too.
  • https://play.google.com/store/apps/details?hl=en&id=com.android.keepass&pli=1

Quote
Still, don't store your wallet's backups on such software unless you 100% know what you're doing; which like 95% of people don't.
I would like to store all backups offline, which is better than online and on digital devices, which can be hacked if they are connected to the Internet or can be broken by technical issues.

[GUIDE] How to Create a Strong/Secure Password (https://bitcointalk.org/index.php?topic=5132378.0)
Are your passwords in the green? (https://www.hivesystems.io/blog/are-your-passwords-in-the-green). Read this educational article about password security and check your password later, then change it if it is weak in your opinion.


Title: Re: If you use online password managers like Lastpass, export your vault
Post by: witcher_sense on February 08, 2023, 07:26:06 AM
Quote
...encrypt it and put it somewhere safe. Just so, if it goes offline your data remains safe.
In the case of LastPass's recent data breach, it is not enough to just migrate your vault to an offline place or some other password manager. All your passwords and other sensitive information became accessible, albeit in encrypted form, to whoever conducted that hacker attack, which means in the long run, if the master passphrase you have set up was too weak, you can safely assume that all your passwords have already been compromised. So, it is usually pointless to re-use an old vault since all the passwords it contains have potentially been compromised. I suggest the following solution: log in to websites on which you have accounts using LastPass, change your passwords one by one, inserting them in a more reliable password manager with a randomly generated master password. It will take some time, but it is more secure than simply using your old passwords in a new manager.


Title: Re: If you use online password managers like Lastpass, export your vault
Post by: Smack That Ace on February 08, 2023, 09:34:10 AM
Quote
...encrypt it and put it somewhere safe. Just so, if it goes offline your data remains safe.

Should use Bitwarden or KeePass, as mk4 mentioned, instead of LastPass; LastPass can be said to be the worst password manager app, with many attacks in the past. I am also using Bitwarden, but just to create and save regular passwords; passwords related to bank accounts should not be saved here, and especially never save private keys here. Although these apps haven't been hacked like LastPass, there's no guarantee they won't be hacked in the future.


Title: Re: If you use online password managers like Lastpass, export your vault
Post by: libert19 on February 10, 2023, 02:30:49 PM
Quote
...encrypt it and put it somewhere safe. Just so, if it goes offline your data remains safe.
In the case of LastPass's recent data breach, it is not enough to just migrate your vault to an offline place or some other password manager. All your passwords and other sensitive information became accessible, albeit in encrypted form, to whoever conducted that hacker attack, which means in the long run, if the master passphrase you have set up was too weak, you can safely assume that all your passwords have already been compromised. So, it is usually pointless to re-use an old vault since all the passwords it contains have potentially been compromised. I suggest the following solution: log in to websites on which you have accounts using LastPass, change your passwords one by one, inserting them in a more reliable password manager with a randomly generated master password. It will take some time, but it is more secure than simply using your old passwords in a new manager.

I meant it for the original user - so there remains a way to access your data in case the company itself goes off. What security is there if you can't access your own data in the first place?